Data security breaches, including financial frauds and identity thefts of user accounts, on major edtech, OTT and e-commerce platforms have witnessed an alarming rise so far this year compared to last year, a study by cyber security research firm Technisanct has found. "A steep 90-100 per cent rise has been witnessed in Account Take Over posts in India this year, pointing to serious data security breaches and online financial fraud. Most of the crimes occur on major brands in edtech, OTT platforms and e-commerce and e-retail applications, for which, many users share common or long-term passwords," the report said.
Account Takeover (ATO) refers to online identity theft in which a cybercriminal gains access to a victim's bank, e-commerce or OTT account and siphons funds or steals credit or debit information or loyalty points, sometimes in order to commit another cybercrime.
The Bengaluru-based company assessed 12,000 OTT, 7,500 e-retail and e-commerce and 4,500 edtech accounts from January to May during its study. "What makes the situation favourable for ATO is that many Indian users are still using passwords which they used in 2014 for a brand which had a data breach at that time," the study notes.
The study also found that there has been huge demand for OTT usernames and passwords since the lockdown, and that many of the credentials belonging to Indian brands are regularly available for sale on Telegram and similar data-sharing platforms on the dark web. "Using the same password for the ease of use and many digital business companies not imposing two-factor authentication and not prompting to regularly change their login passwords, fearing that it could create a dent in consumer experience, actually exposes them to the threat of ATO, credential stuffing and credential cracking," said Nandakishore Harikumar, founder & CEO of Technisanct Technologies.
Premium accounts of various OTT platforms took a major hit. Netflix, Amazon Prime and Disney Hotstar are among the major OTT platforms in India. The study also revealed that screenshots of premium account dashboards were sold widely. The report also traced most of the breached e-mail IDs and passwords to a single third-party breach of a travel portal in 2019.